To add more security to all card payments RBI has brought new rules and regulations.
Reserve Bank of India, which is the central bank of India regulates and supervises banks and other financial institutions across India. RBI asked every payment gateway and merchant to delete all sensitive customer data that is available with them.
From January 1, 2022 new rules and guidelines will come in action. Online purchases will be done through token system that will be end to end encrypted.
The banks have started notifying their customers about new guidelines introduced by RBI.
Every time, to make a card payment customers will have to enter full card details or will have to opt for token system/tokenization.
New RBI Rule
From January 1, 2022 no payment gateway or merchant can store sensitive data used during card transaction. Only card networks and card issuers will have the data stored for their use. Merchants and payment gateways will delete any previous data under new rules and regulations.
Merchants and payment gateways can track transactions. For doing that they can store last four digits of card number and name of card issuer.
Working Of Tokenization
Tokenization is referred to a process where instead of providing card details customer can provide a code referred as ‘token’. Token is unique for a card, token requestor and device.
Steps during an online transaction:
- Customer can initiate request on an app provided by Token Requestor.
- Token Requestor will forward request to Card Network.
- Card Network will take consent of Card Issuer.
- Card Network will then issue a token unique to card, token requestor and device
You Need To Do
To start a transaction with a merchant you will have to initiate tokenization. Token requestor will ask for consent to tokenize your debit and credit cards. After you give your consent, merchant will send tokenization request to card network. Card network will then take consent of card issuer and issue a token to the merchant. Customers can opt to save their token numbers on merchant websites. To complete transaction you will have to enter CVV and OTP every time after tokenization like usual.